{"files":{"SKILL.md":"---\nname: swiss-nextgen-banking-api-framework\ndescription: \"Swiss NextGen Banking API-Framework API skill. Use when working with Swiss NextGen Banking API-Framework for {payment-service}, accounts, consents. Covers 34 endpoints.\"\nversion: 1.0.0\ngenerator: lapsh\n---\n\n# Swiss NextGen Banking API-Framework\nAPI version: 1.3.8_2020-12-14 - Swiss edition 1.3.8.1-CH\n\n## Auth\nBearer bearer\n\n## Base URL\nhttps://api.dev.openbankingproject.ch\n\n## Setup\n1. Set Authorization header with Bearer token\n2. GET /v1/accounts -- read account list\n3. POST /v1/{payment-service}/{payment-product} -- create first v1\n\n## Endpoints\n34 endpoints across 5 groups. See references/api-spec.lap for full details.\n\n### {payment-service}\n| Method | Path | Description |\n|--------|------|-------------|\n| POST | /v1/{payment-service}/{payment-product} | Payment initiation request |\n| GET | /v1/{payment-service}/{payment-product}/{paymentId} | Get payment information |\n| DELETE | /v1/{payment-service}/{payment-product}/{paymentId} | Payment cancellation request |\n| GET | /v1/{payment-service}/{payment-product}/{paymentId}/status | Payment initiation status request |\n| POST | /v1/{payment-service}/{payment-product}/{paymentId}/authorisations | Start the authorisation process for a payment initiation |\n| GET | /v1/{payment-service}/{payment-product}/{paymentId}/authorisations | Get payment initiation authorisation sub-resources request |\n| GET | /v1/{payment-service}/{payment-product}/{paymentId}/authorisations/{authorisationId} | Read the SCA status of the payment authorisation |\n| PUT | /v1/{payment-service}/{payment-product}/{paymentId}/authorisations/{authorisationId} | Update PSU data for payment initiation |\n| POST | /v1/{payment-service}/{payment-product}/{paymentId}/cancellation-authorisations | Start the authorisation process for the cancellation of the addressed payment |\n| GET | /v1/{payment-service}/{payment-product}/{paymentId}/cancellation-authorisations | Will deliver an array of resource identifications to all generated cancellation authorisation sub-resources |\n| GET | /v1/{payment-service}/{payment-product}/{paymentId}/cancellation-authorisations/{authorisationId} | Read the SCA status of the payment cancellation's authorisation |\n| PUT | /v1/{payment-service}/{payment-product}/{paymentId}/cancellation-authorisations/{authorisationId} | Update PSU data for payment initiation cancellation |\n\n### Accounts\n| Method | Path | Description |\n|--------|------|-------------|\n| GET | /v1/accounts | Read account list |\n| GET | /v1/accounts/{account-id} | Read account details |\n| GET | /v1/accounts/{account-id}/balances | Read balance |\n| GET | /v1/accounts/{account-id}/transactions | Read transaction list of an account |\n| GET | /v1/accounts/{account-id}/transactions/{transactionId} | Read transaction details |\n\n### Consents\n| Method | Path | Description |\n|--------|------|-------------|\n| POST | /v1/consents | Create consent |\n| GET | /v1/consents/{consentId} | Get consent request |\n| DELETE | /v1/consents/{consentId} | Delete Consent |\n| GET | /v1/consents/{consentId}/status | Consent status request |\n| POST | /v1/consents/{consentId}/authorisations | Start the authorisation process for a consent |\n| GET | /v1/consents/{consentId}/authorisations | Get consent authorisation sub-resources request |\n| GET | /v1/consents/{consentId}/authorisations/{authorisationId} | Read the SCA status of the consent authorisation |\n| PUT | /v1/consents/{consentId}/authorisations/{authorisationId} | Update PSU Data for consents |\n\n### Funds-confirmations\n| Method | Path | Description |\n|--------|------|-------------|\n| POST | /v1/funds-confirmations | Confirmation of funds request |\n\n### Signing-baskets\n| Method | Path | Description |\n|--------|------|-------------|\n| POST | /v1/signing-baskets | Create a signing basket resource |\n| GET | /v1/signing-baskets/{basketId} | Returns the content of an signing basket object |\n| DELETE | /v1/signing-baskets/{basketId} | Delete the signing basket |\n| GET | /v1/signing-baskets/{basketId}/status | Read the status of the signing basket |\n| POST | /v1/signing-baskets/{basketId}/authorisations | Start the authorisation process for a signing basket |\n| GET | /v1/signing-baskets/{basketId}/authorisations | Get signing basket authorisation sub-resources request |\n| PUT | /v1/signing-baskets/{basketId}/authorisations/{authorisationId} | Update PSU data for signing basket |\n| GET | /v1/signing-baskets/{basketId}/authorisations/{authorisationId} | Read the SCA status of the signing basket authorisation |\n\n## Common Questions\nMatch user requests to endpoints in references/api-spec.lap. Key patterns:\n- \"Get v1 details?\" -> GET /v1/{payment-service}/{payment-product}/{paymentId}\n- \"Delete a v1?\" -> DELETE /v1/{payment-service}/{payment-product}/{paymentId}\n- \"List all status?\" -> GET /v1/{payment-service}/{payment-product}/{paymentId}/status\n- \"Create a authorisation?\" -> POST /v1/{payment-service}/{payment-product}/{paymentId}/authorisations\n- \"List all authorisations?\" -> GET /v1/{payment-service}/{payment-product}/{paymentId}/authorisations\n- \"Get authorisation details?\" -> GET /v1/{payment-service}/{payment-product}/{paymentId}/authorisations/{authorisationId}\n- \"Update a authorisation?\" -> PUT /v1/{payment-service}/{payment-product}/{paymentId}/authorisations/{authorisationId}\n- \"Create a cancellation-authorisation?\" -> POST /v1/{payment-service}/{payment-product}/{paymentId}/cancellation-authorisations\n- \"List all cancellation-authorisations?\" -> GET /v1/{payment-service}/{payment-product}/{paymentId}/cancellation-authorisations\n- \"Get cancellation-authorisation details?\" -> GET /v1/{payment-service}/{payment-product}/{paymentId}/cancellation-authorisations/{authorisationId}\n- \"Update a cancellation-authorisation?\" -> PUT /v1/{payment-service}/{payment-product}/{paymentId}/cancellation-authorisations/{authorisationId}\n- \"List all accounts?\" -> GET /v1/accounts\n- \"Get account details?\" -> GET /v1/accounts/{account-id}\n- \"List all balances?\" -> GET /v1/accounts/{account-id}/balances\n- \"List all transactions?\" -> GET /v1/accounts/{account-id}/transactions\n- \"Get transaction details?\" -> GET /v1/accounts/{account-id}/transactions/{transactionId}\n- \"Create a consent?\" -> POST /v1/consents\n- \"Get consent details?\" -> GET /v1/consents/{consentId}\n- \"Delete a consent?\" -> DELETE /v1/consents/{consentId}\n- \"Create a funds-confirmation?\" -> POST /v1/funds-confirmations\n- \"Create a signing-basket?\" -> POST /v1/signing-baskets\n- \"Get signing-basket details?\" -> GET /v1/signing-baskets/{basketId}\n- \"Delete a signing-basket?\" -> DELETE /v1/signing-baskets/{basketId}\n- \"How to authenticate?\" -> See Auth section above\n\n## Response Tips\n- Check response schemas in references/api-spec.lap for field details\n- Create/update endpoints return the modified resource on success\n- Error responses include status codes and descriptions in the spec\n\n## References\n- Full spec: See references/api-spec.lap for complete endpoint details, parameter tables, and response schemas\n\n> Generated from the official API spec by [LAP](https://lap.sh)\n","references/api-spec.lap":"@lap v0.3\n# Machine-readable API spec. Each @endpoint block is one API call.\n@api Swiss NextGen Banking API-Framework\n@base https://api.dev.openbankingproject.ch\n@version 1.3.8_2020-12-14 - Swiss edition 1.3.8.1-CH\n@auth Bearer bearer\n@common_fields {X-Request-ID: str # ID of the request, unique to the call, as determined by the initiating party., PSU-IP-Address: str(ipv4) # The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. If not available, the TPP shall use the IP Address used by the TPP when submitting this request., Digest: str # Is contained if and only if the \"Signature\" element is contained in the header of the request., Signature: str # A signature of the request by the TPP on application level. This might be mandated by ASPSP., TPP-Signature-Certificate: str(byte) # The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained., PSU-IP-Port: str # The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available., PSU-Accept: str # The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available., PSU-Accept-Charset: str # The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available., PSU-Accept-Encoding: str # The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available., PSU-Accept-Language: str # The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available., PSU-User-Agent: str # The forwarded Agent header field of the HTTP request between PSU and TPP, if available., PSU-Http-Method: str(GET/POST/PUT/PATCH/DELETE) # HTTP method used at the PSU ? TPP interface, if available. Valid values are: * GET * POST * PUT * PATCH * DELETE, PSU-Device-ID: str # UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID needs to be unaltered until removal from device., PSU-Geo-Location: str # The forwarded Geo Location of the corresponding http request between PSU and TPP if available.}\n@endpoints 34\n@hint download_for_search\n@toc {payment-service}(12), accounts(5), consents(8), funds-confirmations(1), signing-baskets(8)\n\n@group {payment-service}\n@endpoint POST /v1/{payment-service}/{payment-product}\n@desc Payment initiation request\n@required {payment-service: str(payments/bulk-payments/periodic-payments) # Payment service: Possible values are: * payments * bulk-payments * periodic-payments, payment-product: str(domestic-swiss-credit-transfers-isr/domestic-swiss-credit-transfers/domestic-swiss-credit-transfers-qr/domestic-swiss-foreign-credit-transfers/swiss-sepa-credit-transfers/swiss-cross-border-credit-transfers/pain.001-sepa-credit-transfers/pain.001-cross-border-credit-transfers/pain.001-swiss-six-credit-transfers) # The addressed payment product endpoint, e.g. for SEPA Credit Transfers (SCT). The ASPSP will publish which of the payment products/endpoints will be supported. The following payment products are supported: - domestic-swiss-credit-transfers-isr - domestic-swiss-credit-transfers - domestic-swiss-credit-transfers-qr - domestic-swiss-foreign-credit-transfers - swiss-sepa-credit-transfers - swiss-cross-border-credit-transfers - pain.001-sepa-credit-transfers - pain.001-cross-border-credit-transfers - pain.001-swiss-six-credit-transfers **Remark:** For all SEPA Credit Transfer based endpoints which accept XML encoding, the XML pain.001 schemes provided by EPC are supported by the ASPSP as a minimum for the body content. Further XML schemes might be supported by some communities. **Remark:** For cross-border and TARGET-2 payments only community wide pain.001 schemes do exist. There are plenty of country specificic scheme variants.}\n@optional {PSU-ID: str # Client ID of the PSU in the ASPSP client interface. Might be mandated in the ASPSP's documentation. It might be contained even if an OAuth2 based authentication was performed in a pre-step or an OAuth2 based SCA was performed in an preceding AIS service in the same session. In this case the ASPSP might check whether PSU-ID and token match, according to ASPSP documentation., PSU-ID-Type: str # Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. In this case, the mean and use are then defined in the ASPSP's documentation., PSU-Corporate-ID: str # Might be mandated in the ASPSP's documentation. Only used in a corporate context., PSU-Corporate-ID-Type: str # Might be mandated in the ASPSP's documentation. Only used in a corporate context., Consent-ID: str # This data element may be contained, if the payment initiation transaction is part of a session, i.e. combined AIS/PIS service. This then contains the consentId of the related AIS consent, which was performed prior to this payment initiation., TPP-Redirect-Preferred: bool # If it equals \"true\", the TPP prefers a redirect over an embedded SCA approach. If it equals \"false\", the TPP prefers not to be redirected for SCA. The ASPSP will then choose between the Embedded or the Decoupled SCA approach, depending on the choice of the SCA procedure by the TPP/PSU. If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the SCA method chosen by the TPP/PSU., TPP-Redirect-URI: str(uri) # URI of the TPP, where the transaction flow shall be redirected to after a Redirect. Mandated for the Redirect SCA Approach, specifically when TPP-Redirect-Preferred equals \"true\". It is recommended to always use this header field. **Remark for Future:** This field might be changed to mandatory in the next version of the specification., TPP-Nok-Redirect-URI: str(uri) # If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method. This might be ignored by the ASPSP., TPP-Explicit-Authorisation-Preferred: bool # If it equals \"true\", the TPP prefers to start the authorisation process separately, e.g. because of the usage of a signing basket. This preference might be ignored by the ASPSP, if a signing basket is not supported as functionality. If it equals \"false\" or if the parameter is not used, there is no preference of the TPP. This especially indicates that the TPP assumes a direct authorisation of the transaction in the next step, without using a signing basket., TPP-Rejection-NoFunds-Preferred: bool # If it equals \"true\" then the TPP prefers a rejection of the payment initiation in case the ASPSP is providing an integrated confirmation of funds request an the result of this is that not sufficient funds are available. If it equals \"false\" then the TPP prefers that the ASPSP is dealing with the payment initiation like in the ASPSPs online channel, potentially waiting for a certain time period for funds to arrive to initiate the payment. This parameter might be ignored by the ASPSP., TPP-Brand-Logging-Information: str # This header might be used by TPPs to inform the ASPSP about the brand used by the TPP towards the PSU. This information is meant for logging entries to enhance communication between ASPSP and PSU or ASPSP and TPP. This header might be ignored by the ASPSP., TPP-Notification-URI: str # URI for the Endpoint of the TPP-API to which the status of the payment initiation should be sent. This header field may by ignored by the ASPSP. For security reasons, it shall be ensured that the TPP-Notification-URI as introduced above is secured by the TPP eIDAS QWAC used for identification of the TPP. The following applies: URIs which are provided by TPPs in TPP-Notification-URI shall comply with the domain secured by the eIDAS QWAC certificate of the TPP in the field CN or SubjectAltName of the certificate. Please note that in case of example-TPP.com as certificate entry TPP- Notification-URI like www.example-TPP.com/xs2a-client/v1/ASPSPidentifcation/mytransaction- id/notifications or notifications.example-TPP.com/xs2a-client/v1/ASPSPidentifcation/mytransaction- id/notifications would be compliant. Wildcard definitions shall be taken into account for compliance checks by the ASPSP. ASPSPs may respond with ASPSP-Notification-Support set to false, if the provided URIs do not comply., TPP-Notification-Content-Preferred: str # The string has the form status=X1, ..., Xn where Xi is one of the constants SCA, PROCESS, LAST and where constants are not repeated. The usage of the constants supports the of following semantics: SCA: A notification on every change of the scaStatus attribute for all related authorisation processes is preferred by the TPP. PROCESS: A notification on all changes of consentStatus or transactionStatus attributes is preferred by the TPP. LAST: Only a notification on the last consentStatus or transactionStatus as available in the XS2A interface is preferred by the TPP. This header field may be ignored, if the ASPSP does not support resource notification services for the related TPP.}\n@returns(201) {transactionStatus: str, paymentId: str, transactionFees: map{currency: str, amount: str}, currencyConversionFee: map{currency: str, amount: str}, estimatedTotalAmount: map{currency: str, amount: str}, estimatedInterbankSettlementAmount: map{currency: str, amount: str}, transactionFeeIndicator: bool, scaMethods: [map], chosenScaMethod: map{authenticationType: str, authenticationVersion: str, authenticationMethodId: str, name: str, explanation: str}, challengeData: map{image: str(byte), data: [str], imageLink: str, otpMaxLength: int, otpFormat: str, additionalInformation: str}, _links: map{scaRedirect: map{href: str}, scaOAuth: map{href: str}, confirmation: map{href: str}, startAuthorisation: map{href: str}, startAuthorisationWithPsuIdentification: map{href: str}, startAuthorisationWithPsuAuthentication: map{href: str}, startAuthorisationWithEncryptedPsuAuthentication: map{href: str}, startAuthorisationWithAuthenticationMethodSelection: map{href: str}, startAuthorisationWithTransactionAuthorisation: map{href: str}, self: map{href: str}, status: map{href: str}, scaStatus: map{href: str}}, psuMessage: str, tppMessages: [map]} # CREATED\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n@example_request {\"endToEndIdentification\":\"54947df80e9e4471a2f99af509fb5889\",\"debtorAccount\":{\"iban\":\"CH2781412000006944106\"},\"debtorAgent\":{\"bic\":\"KBTGCH22XXX\"},\"debtorName\":\"Example Isrone\",\"instructedAmount\":{\"currency\":\"CHF\",\"amount\":\"1000.00\"},\"creditorAccount\":{\"otherAccountIdentification\":\"010391391\"},\"creditorName\":\"Kunde 1\",\"creditorAddress\":{\"buildingNumber\":\"1\",\"townName\":\"Wittenbach\",\"country\":\"CH\",\"postCode\":\"9300\",\"streetName\":\"Kundenstrasse\"},\"remittanceInformationStructured\":\"210000000003139471430009017\",\"requestedExecutionDate\":\"2019-10-22\"}\n\n@endpoint GET /v1/{payment-service}/{payment-product}/{paymentId}\n@desc Get payment information\n@required {payment-service: str(payments/bulk-payments/periodic-payments) # Payment service: Possible values are: * payments * bulk-payments * periodic-payments, payment-product: str(domestic-swiss-credit-transfers-isr/domestic-swiss-credit-transfers/domestic-swiss-credit-transfers-qr/domestic-swiss-foreign-credit-transfers/swiss-sepa-credit-transfers/swiss-cross-border-credit-transfers/pain.001-sepa-credit-transfers/pain.001-cross-border-credit-transfers/pain.001-swiss-six-credit-transfers) # The addressed payment product endpoint, e.g. for SEPA Credit Transfers (SCT). The ASPSP will publish which of the payment products/endpoints will be supported. The following payment products are supported: - domestic-swiss-credit-transfers-isr - domestic-swiss-credit-transfers - domestic-swiss-credit-transfers-qr - domestic-swiss-foreign-credit-transfers - swiss-sepa-credit-transfers - swiss-cross-border-credit-transfers - pain.001-sepa-credit-transfers - pain.001-cross-border-credit-transfers - pain.001-swiss-six-credit-transfers **Remark:** For all SEPA Credit Transfer based endpoints which accept XML encoding, the XML pain.001 schemes provided by EPC are supported by the ASPSP as a minimum for the body content. Further XML schemes might be supported by some communities. **Remark:** For cross-border and TARGET-2 payments only community wide pain.001 schemes do exist. There are plenty of country specificic scheme variants., paymentId: str # Resource identification of the generated payment initiation resource.}\n@returns(200) OK\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n\n@endpoint DELETE /v1/{payment-service}/{payment-product}/{paymentId}\n@desc Payment cancellation request\n@required {payment-service: str(payments/bulk-payments/periodic-payments) # Payment service: Possible values are: * payments * bulk-payments * periodic-payments, payment-product: str(domestic-swiss-credit-transfers-isr/domestic-swiss-credit-transfers/domestic-swiss-credit-transfers-qr/domestic-swiss-foreign-credit-transfers/swiss-sepa-credit-transfers/swiss-cross-border-credit-transfers/pain.001-sepa-credit-transfers/pain.001-cross-border-credit-transfers/pain.001-swiss-six-credit-transfers) # The addressed payment product endpoint, e.g. for SEPA Credit Transfers (SCT). The ASPSP will publish which of the payment products/endpoints will be supported. The following payment products are supported: - domestic-swiss-credit-transfers-isr - domestic-swiss-credit-transfers - domestic-swiss-credit-transfers-qr - domestic-swiss-foreign-credit-transfers - swiss-sepa-credit-transfers - swiss-cross-border-credit-transfers - pain.001-sepa-credit-transfers - pain.001-cross-border-credit-transfers - pain.001-swiss-six-credit-transfers **Remark:** For all SEPA Credit Transfer based endpoints which accept XML encoding, the XML pain.001 schemes provided by EPC are supported by the ASPSP as a minimum for the body content. Further XML schemes might be supported by some communities. **Remark:** For cross-border and TARGET-2 payments only community wide pain.001 schemes do exist. There are plenty of country specificic scheme variants., paymentId: str # Resource identification of the generated payment initiation resource.}\n@optional {TPP-Redirect-Preferred: bool # If it equals \"true\", the TPP prefers a redirect over an embedded SCA approach. If it equals \"false\", the TPP prefers not to be redirected for SCA. The ASPSP will then choose between the Embedded or the Decoupled SCA approach, depending on the choice of the SCA procedure by the TPP/PSU. If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the SCA method chosen by the TPP/PSU., TPP-Nok-Redirect-URI: str(uri) # If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method. This might be ignored by the ASPSP., TPP-Redirect-URI: str(uri) # URI of the TPP, where the transaction flow shall be redirected to after a Redirect. Mandated for the Redirect SCA Approach, specifically when TPP-Redirect-Preferred equals \"true\". It is recommended to always use this header field. **Remark for Future:** This field might be changed to mandatory in the next version of the specification., TPP-Explicit-Authorisation-Preferred: bool # If it equals \"true\", the TPP prefers to start the authorisation process separately, e.g. because of the usage of a signing basket. This preference might be ignored by the ASPSP, if a signing basket is not supported as functionality. If it equals \"false\" or if the parameter is not used, there is no preference of the TPP. This especially indicates that the TPP assumes a direct authorisation of the transaction in the next step, without using a signing basket.}\n@returns(202) {transactionStatus: str, scaMethods: [map], chosenScaMethod: map{authenticationType: str, authenticationVersion: str, authenticationMethodId: str, name: str, explanation: str}, challengeData: map{image: str(byte), data: [str], imageLink: str, otpMaxLength: int, otpFormat: str, additionalInformation: str}, _links: map{startAuthorisation: map{href: str}, startAuthorisationWithPsuIdentification: map{href: str}, startAuthorisationWithPsuAuthentication: map{href: str}, startAuthorisationWithEncryptedPsuAuthentication: map{href: str}, startAuthorisationWithAuthenticationMethodSelection: map{href: str}}} # Received\n@returns(204) No Content\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n\n@endpoint GET /v1/{payment-service}/{payment-product}/{paymentId}/status\n@desc Payment initiation status request\n@required {payment-service: str(payments/bulk-payments/periodic-payments) # Payment service: Possible values are: * payments * bulk-payments * periodic-payments, payment-product: str(domestic-swiss-credit-transfers-isr/domestic-swiss-credit-transfers/domestic-swiss-credit-transfers-qr/domestic-swiss-foreign-credit-transfers/swiss-sepa-credit-transfers/swiss-cross-border-credit-transfers/pain.001-sepa-credit-transfers/pain.001-cross-border-credit-transfers/pain.001-swiss-six-credit-transfers) # The addressed payment product endpoint, e.g. for SEPA Credit Transfers (SCT). The ASPSP will publish which of the payment products/endpoints will be supported. The following payment products are supported: - domestic-swiss-credit-transfers-isr - domestic-swiss-credit-transfers - domestic-swiss-credit-transfers-qr - domestic-swiss-foreign-credit-transfers - swiss-sepa-credit-transfers - swiss-cross-border-credit-transfers - pain.001-sepa-credit-transfers - pain.001-cross-border-credit-transfers - pain.001-swiss-six-credit-transfers **Remark:** For all SEPA Credit Transfer based endpoints which accept XML encoding, the XML pain.001 schemes provided by EPC are supported by the ASPSP as a minimum for the body content. Further XML schemes might be supported by some communities. **Remark:** For cross-border and TARGET-2 payments only community wide pain.001 schemes do exist. There are plenty of country specificic scheme variants., paymentId: str # Resource identification of the generated payment initiation resource.}\n@returns(200) {transactionStatus: str, fundsAvailable: bool, psuMessage: str} # OK\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n\n@endpoint POST /v1/{payment-service}/{payment-product}/{paymentId}/authorisations\n@desc Start the authorisation process for a payment initiation\n@required {payment-service: str(payments/bulk-payments/periodic-payments) # Payment service: Possible values are: * payments * bulk-payments * periodic-payments, payment-product: str(domestic-swiss-credit-transfers-isr/domestic-swiss-credit-transfers/domestic-swiss-credit-transfers-qr/domestic-swiss-foreign-credit-transfers/swiss-sepa-credit-transfers/swiss-cross-border-credit-transfers/pain.001-sepa-credit-transfers/pain.001-cross-border-credit-transfers/pain.001-swiss-six-credit-transfers) # The addressed payment product endpoint, e.g. for SEPA Credit Transfers (SCT). The ASPSP will publish which of the payment products/endpoints will be supported. The following payment products are supported: - domestic-swiss-credit-transfers-isr - domestic-swiss-credit-transfers - domestic-swiss-credit-transfers-qr - domestic-swiss-foreign-credit-transfers - swiss-sepa-credit-transfers - swiss-cross-border-credit-transfers - pain.001-sepa-credit-transfers - pain.001-cross-border-credit-transfers - pain.001-swiss-six-credit-transfers **Remark:** For all SEPA Credit Transfer based endpoints which accept XML encoding, the XML pain.001 schemes provided by EPC are supported by the ASPSP as a minimum for the body content. Further XML schemes might be supported by some communities. **Remark:** For cross-border and TARGET-2 payments only community wide pain.001 schemes do exist. There are plenty of country specificic scheme variants., paymentId: str # Resource identification of the generated payment initiation resource.}\n@optional {PSU-ID: str # Client ID of the PSU in the ASPSP client interface. Might be mandated in the ASPSP's documentation. It might be contained even if an OAuth2 based authentication was performed in a pre-step or an OAuth2 based SCA was performed in an preceding AIS service in the same session. In this case the ASPSP might check whether PSU-ID and token match, according to ASPSP documentation., PSU-ID-Type: str # Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. In this case, the mean and use are then defined in the ASPSP's documentation., PSU-Corporate-ID: str # Might be mandated in the ASPSP's documentation. Only used in a corporate context., PSU-Corporate-ID-Type: str # Might be mandated in the ASPSP's documentation. Only used in a corporate context., TPP-Redirect-Preferred: bool # If it equals \"true\", the TPP prefers a redirect over an embedded SCA approach. If it equals \"false\", the TPP prefers not to be redirected for SCA. The ASPSP will then choose between the Embedded or the Decoupled SCA approach, depending on the choice of the SCA procedure by the TPP/PSU. If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the SCA method chosen by the TPP/PSU., TPP-Redirect-URI: str(uri) # URI of the TPP, where the transaction flow shall be redirected to after a Redirect. Mandated for the Redirect SCA Approach, specifically when TPP-Redirect-Preferred equals \"true\". It is recommended to always use this header field. **Remark for Future:** This field might be changed to mandatory in the next version of the specification., TPP-Nok-Redirect-URI: str(uri) # If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method. This might be ignored by the ASPSP., TPP-Notification-URI: str # URI for the Endpoint of the TPP-API to which the status of the payment initiation should be sent. This header field may by ignored by the ASPSP. For security reasons, it shall be ensured that the TPP-Notification-URI as introduced above is secured by the TPP eIDAS QWAC used for identification of the TPP. The following applies: URIs which are provided by TPPs in TPP-Notification-URI shall comply with the domain secured by the eIDAS QWAC certificate of the TPP in the field CN or SubjectAltName of the certificate. Please note that in case of example-TPP.com as certificate entry TPP- Notification-URI like www.example-TPP.com/xs2a-client/v1/ASPSPidentifcation/mytransaction- id/notifications or notifications.example-TPP.com/xs2a-client/v1/ASPSPidentifcation/mytransaction- id/notifications would be compliant. Wildcard definitions shall be taken into account for compliance checks by the ASPSP. ASPSPs may respond with ASPSP-Notification-Support set to false, if the provided URIs do not comply., TPP-Notification-Content-Preferred: str # The string has the form status=X1, ..., Xn where Xi is one of the constants SCA, PROCESS, LAST and where constants are not repeated. The usage of the constants supports the of following semantics: SCA: A notification on every change of the scaStatus attribute for all related authorisation processes is preferred by the TPP. PROCESS: A notification on all changes of consentStatus or transactionStatus attributes is preferred by the TPP. LAST: Only a notification on the last consentStatus or transactionStatus as available in the XS2A interface is preferred by the TPP. This header field may be ignored, if the ASPSP does not support resource notification services for the related TPP.}\n@returns(201) {scaStatus: str, authorisationId: str, scaMethods: [map], chosenScaMethod: map{authenticationType: str, authenticationVersion: str, authenticationMethodId: str, name: str, explanation: str}, challengeData: map{image: str(byte), data: [str], imageLink: str, otpMaxLength: int, otpFormat: str, additionalInformation: str}, _links: map{scaRedirect: map{href: str}, scaOAuth: map{href: str}, confirmation: map{href: str}, updatePsuIdentification: map{href: str}, startAuthorisationWithPsuAuthentication: map{href: str}, startAuthorisationWithEncryptedPsuAuthentication: map{href: str}, selectAuthenticationMethod: map{href: str}, authoriseTransaction: map{href: str}, scaStatus: map{href: str}}, psuMessage: str} # Created\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n\n@endpoint GET /v1/{payment-service}/{payment-product}/{paymentId}/authorisations\n@desc Get payment initiation authorisation sub-resources request\n@required {payment-service: str(payments/bulk-payments/periodic-payments) # Payment service: Possible values are: * payments * bulk-payments * periodic-payments, payment-product: str(domestic-swiss-credit-transfers-isr/domestic-swiss-credit-transfers/domestic-swiss-credit-transfers-qr/domestic-swiss-foreign-credit-transfers/swiss-sepa-credit-transfers/swiss-cross-border-credit-transfers/pain.001-sepa-credit-transfers/pain.001-cross-border-credit-transfers/pain.001-swiss-six-credit-transfers) # The addressed payment product endpoint, e.g. for SEPA Credit Transfers (SCT). The ASPSP will publish which of the payment products/endpoints will be supported. The following payment products are supported: - domestic-swiss-credit-transfers-isr - domestic-swiss-credit-transfers - domestic-swiss-credit-transfers-qr - domestic-swiss-foreign-credit-transfers - swiss-sepa-credit-transfers - swiss-cross-border-credit-transfers - pain.001-sepa-credit-transfers - pain.001-cross-border-credit-transfers - pain.001-swiss-six-credit-transfers **Remark:** For all SEPA Credit Transfer based endpoints which accept XML encoding, the XML pain.001 schemes provided by EPC are supported by the ASPSP as a minimum for the body content. Further XML schemes might be supported by some communities. **Remark:** For cross-border and TARGET-2 payments only community wide pain.001 schemes do exist. There are plenty of country specificic scheme variants., paymentId: str # Resource identification of the generated payment initiation resource.}\n@returns(200) {authorisationIds: [str]} # OK\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n\n@endpoint GET /v1/{payment-service}/{payment-product}/{paymentId}/authorisations/{authorisationId}\n@desc Read the SCA status of the payment authorisation\n@required {payment-service: str(payments/bulk-payments/periodic-payments) # Payment service: Possible values are: * payments * bulk-payments * periodic-payments, payment-product: str(domestic-swiss-credit-transfers-isr/domestic-swiss-credit-transfers/domestic-swiss-credit-transfers-qr/domestic-swiss-foreign-credit-transfers/swiss-sepa-credit-transfers/swiss-cross-border-credit-transfers/pain.001-sepa-credit-transfers/pain.001-cross-border-credit-transfers/pain.001-swiss-six-credit-transfers) # The addressed payment product endpoint, e.g. for SEPA Credit Transfers (SCT). The ASPSP will publish which of the payment products/endpoints will be supported. The following payment products are supported: - domestic-swiss-credit-transfers-isr - domestic-swiss-credit-transfers - domestic-swiss-credit-transfers-qr - domestic-swiss-foreign-credit-transfers - swiss-sepa-credit-transfers - swiss-cross-border-credit-transfers - pain.001-sepa-credit-transfers - pain.001-cross-border-credit-transfers - pain.001-swiss-six-credit-transfers **Remark:** For all SEPA Credit Transfer based endpoints which accept XML encoding, the XML pain.001 schemes provided by EPC are supported by the ASPSP as a minimum for the body content. Further XML schemes might be supported by some communities. **Remark:** For cross-border and TARGET-2 payments only community wide pain.001 schemes do exist. There are plenty of country specificic scheme variants., paymentId: str # Resource identification of the generated payment initiation resource., authorisationId: str # Resource identification of the related SCA.}\n@returns(200) {scaStatus: str, psuMessage: str, trustedBeneficiaryFlag: bool} # OK\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n\n@endpoint PUT /v1/{payment-service}/{payment-product}/{paymentId}/authorisations/{authorisationId}\n@desc Update PSU data for payment initiation\n@required {payment-service: str(payments/bulk-payments/periodic-payments) # Payment service: Possible values are: * payments * bulk-payments * periodic-payments, payment-product: str(domestic-swiss-credit-transfers-isr/domestic-swiss-credit-transfers/domestic-swiss-credit-transfers-qr/domestic-swiss-foreign-credit-transfers/swiss-sepa-credit-transfers/swiss-cross-border-credit-transfers/pain.001-sepa-credit-transfers/pain.001-cross-border-credit-transfers/pain.001-swiss-six-credit-transfers) # The addressed payment product endpoint, e.g. for SEPA Credit Transfers (SCT). The ASPSP will publish which of the payment products/endpoints will be supported. The following payment products are supported: - domestic-swiss-credit-transfers-isr - domestic-swiss-credit-transfers - domestic-swiss-credit-transfers-qr - domestic-swiss-foreign-credit-transfers - swiss-sepa-credit-transfers - swiss-cross-border-credit-transfers - pain.001-sepa-credit-transfers - pain.001-cross-border-credit-transfers - pain.001-swiss-six-credit-transfers **Remark:** For all SEPA Credit Transfer based endpoints which accept XML encoding, the XML pain.001 schemes provided by EPC are supported by the ASPSP as a minimum for the body content. Further XML schemes might be supported by some communities. **Remark:** For cross-border and TARGET-2 payments only community wide pain.001 schemes do exist. There are plenty of country specificic scheme variants., paymentId: str # Resource identification of the generated payment initiation resource., authorisationId: str # Resource identification of the related SCA.}\n@optional {PSU-ID: str # Client ID of the PSU in the ASPSP client interface. Might be mandated in the ASPSP's documentation. It might be contained even if an OAuth2 based authentication was performed in a pre-step or an OAuth2 based SCA was performed in an preceding AIS service in the same session. In this case the ASPSP might check whether PSU-ID and token match, according to ASPSP documentation., PSU-ID-Type: str # Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. In this case, the mean and use are then defined in the ASPSP's documentation., PSU-Corporate-ID: str # Might be mandated in the ASPSP's documentation. Only used in a corporate context., PSU-Corporate-ID-Type: str # Might be mandated in the ASPSP's documentation. Only used in a corporate context.}\n@returns(200) OK\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n@example_request {}\n\n@endpoint POST /v1/{payment-service}/{payment-product}/{paymentId}/cancellation-authorisations\n@desc Start the authorisation process for the cancellation of the addressed payment\n@required {payment-service: str(payments/bulk-payments/periodic-payments) # Payment service: Possible values are: * payments * bulk-payments * periodic-payments, payment-product: str(domestic-swiss-credit-transfers-isr/domestic-swiss-credit-transfers/domestic-swiss-credit-transfers-qr/domestic-swiss-foreign-credit-transfers/swiss-sepa-credit-transfers/swiss-cross-border-credit-transfers/pain.001-sepa-credit-transfers/pain.001-cross-border-credit-transfers/pain.001-swiss-six-credit-transfers) # The addressed payment product endpoint, e.g. for SEPA Credit Transfers (SCT). The ASPSP will publish which of the payment products/endpoints will be supported. The following payment products are supported: - domestic-swiss-credit-transfers-isr - domestic-swiss-credit-transfers - domestic-swiss-credit-transfers-qr - domestic-swiss-foreign-credit-transfers - swiss-sepa-credit-transfers - swiss-cross-border-credit-transfers - pain.001-sepa-credit-transfers - pain.001-cross-border-credit-transfers - pain.001-swiss-six-credit-transfers **Remark:** For all SEPA Credit Transfer based endpoints which accept XML encoding, the XML pain.001 schemes provided by EPC are supported by the ASPSP as a minimum for the body content. Further XML schemes might be supported by some communities. **Remark:** For cross-border and TARGET-2 payments only community wide pain.001 schemes do exist. There are plenty of country specificic scheme variants., paymentId: str # Resource identification of the generated payment initiation resource.}\n@optional {PSU-ID: str # Client ID of the PSU in the ASPSP client interface. Might be mandated in the ASPSP's documentation. It might be contained even if an OAuth2 based authentication was performed in a pre-step or an OAuth2 based SCA was performed in an preceding AIS service in the same session. In this case the ASPSP might check whether PSU-ID and token match, according to ASPSP documentation., PSU-ID-Type: str # Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. In this case, the mean and use are then defined in the ASPSP's documentation., PSU-Corporate-ID: str # Might be mandated in the ASPSP's documentation. Only used in a corporate context., PSU-Corporate-ID-Type: str # Might be mandated in the ASPSP's documentation. Only used in a corporate context., TPP-Redirect-Preferred: bool # If it equals \"true\", the TPP prefers a redirect over an embedded SCA approach. If it equals \"false\", the TPP prefers not to be redirected for SCA. The ASPSP will then choose between the Embedded or the Decoupled SCA approach, depending on the choice of the SCA procedure by the TPP/PSU. If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the SCA method chosen by the TPP/PSU., TPP-Redirect-URI: str(uri) # URI of the TPP, where the transaction flow shall be redirected to after a Redirect. Mandated for the Redirect SCA Approach, specifically when TPP-Redirect-Preferred equals \"true\". It is recommended to always use this header field. **Remark for Future:** This field might be changed to mandatory in the next version of the specification., TPP-Nok-Redirect-URI: str(uri) # If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method. This might be ignored by the ASPSP., TPP-Notification-URI: str # URI for the Endpoint of the TPP-API to which the status of the payment initiation should be sent. This header field may by ignored by the ASPSP. For security reasons, it shall be ensured that the TPP-Notification-URI as introduced above is secured by the TPP eIDAS QWAC used for identification of the TPP. The following applies: URIs which are provided by TPPs in TPP-Notification-URI shall comply with the domain secured by the eIDAS QWAC certificate of the TPP in the field CN or SubjectAltName of the certificate. Please note that in case of example-TPP.com as certificate entry TPP- Notification-URI like www.example-TPP.com/xs2a-client/v1/ASPSPidentifcation/mytransaction- id/notifications or notifications.example-TPP.com/xs2a-client/v1/ASPSPidentifcation/mytransaction- id/notifications would be compliant. Wildcard definitions shall be taken into account for compliance checks by the ASPSP. ASPSPs may respond with ASPSP-Notification-Support set to false, if the provided URIs do not comply., TPP-Notification-Content-Preferred: str # The string has the form status=X1, ..., Xn where Xi is one of the constants SCA, PROCESS, LAST and where constants are not repeated. The usage of the constants supports the of following semantics: SCA: A notification on every change of the scaStatus attribute for all related authorisation processes is preferred by the TPP. PROCESS: A notification on all changes of consentStatus or transactionStatus attributes is preferred by the TPP. LAST: Only a notification on the last consentStatus or transactionStatus as available in the XS2A interface is preferred by the TPP. This header field may be ignored, if the ASPSP does not support resource notification services for the related TPP.}\n@returns(201) {scaStatus: str, authorisationId: str, scaMethods: [map], chosenScaMethod: map{authenticationType: str, authenticationVersion: str, authenticationMethodId: str, name: str, explanation: str}, challengeData: map{image: str(byte), data: [str], imageLink: str, otpMaxLength: int, otpFormat: str, additionalInformation: str}, _links: map{scaRedirect: map{href: str}, scaOAuth: map{href: str}, confirmation: map{href: str}, updatePsuIdentification: map{href: str}, startAuthorisationWithPsuAuthentication: map{href: str}, startAuthorisationWithEncryptedPsuAuthentication: map{href: str}, selectAuthenticationMethod: map{href: str}, authoriseTransaction: map{href: str}, scaStatus: map{href: str}}, psuMessage: str} # Created\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n\n@endpoint GET /v1/{payment-service}/{payment-product}/{paymentId}/cancellation-authorisations\n@desc Will deliver an array of resource identifications to all generated cancellation authorisation sub-resources\n@required {payment-service: str(payments/bulk-payments/periodic-payments) # Payment service: Possible values are: * payments * bulk-payments * periodic-payments, payment-product: str(domestic-swiss-credit-transfers-isr/domestic-swiss-credit-transfers/domestic-swiss-credit-transfers-qr/domestic-swiss-foreign-credit-transfers/swiss-sepa-credit-transfers/swiss-cross-border-credit-transfers/pain.001-sepa-credit-transfers/pain.001-cross-border-credit-transfers/pain.001-swiss-six-credit-transfers) # The addressed payment product endpoint, e.g. for SEPA Credit Transfers (SCT). The ASPSP will publish which of the payment products/endpoints will be supported. The following payment products are supported: - domestic-swiss-credit-transfers-isr - domestic-swiss-credit-transfers - domestic-swiss-credit-transfers-qr - domestic-swiss-foreign-credit-transfers - swiss-sepa-credit-transfers - swiss-cross-border-credit-transfers - pain.001-sepa-credit-transfers - pain.001-cross-border-credit-transfers - pain.001-swiss-six-credit-transfers **Remark:** For all SEPA Credit Transfer based endpoints which accept XML encoding, the XML pain.001 schemes provided by EPC are supported by the ASPSP as a minimum for the body content. Further XML schemes might be supported by some communities. **Remark:** For cross-border and TARGET-2 payments only community wide pain.001 schemes do exist. There are plenty of country specificic scheme variants., paymentId: str # Resource identification of the generated payment initiation resource.}\n@returns(200) {authorisationIds: [str]} # OK\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n\n@endpoint GET /v1/{payment-service}/{payment-product}/{paymentId}/cancellation-authorisations/{authorisationId}\n@desc Read the SCA status of the payment cancellation's authorisation\n@required {payment-service: str(payments/bulk-payments/periodic-payments) # Payment service: Possible values are: * payments * bulk-payments * periodic-payments, payment-product: str(domestic-swiss-credit-transfers-isr/domestic-swiss-credit-transfers/domestic-swiss-credit-transfers-qr/domestic-swiss-foreign-credit-transfers/swiss-sepa-credit-transfers/swiss-cross-border-credit-transfers/pain.001-sepa-credit-transfers/pain.001-cross-border-credit-transfers/pain.001-swiss-six-credit-transfers) # The addressed payment product endpoint, e.g. for SEPA Credit Transfers (SCT). The ASPSP will publish which of the payment products/endpoints will be supported. The following payment products are supported: - domestic-swiss-credit-transfers-isr - domestic-swiss-credit-transfers - domestic-swiss-credit-transfers-qr - domestic-swiss-foreign-credit-transfers - swiss-sepa-credit-transfers - swiss-cross-border-credit-transfers - pain.001-sepa-credit-transfers - pain.001-cross-border-credit-transfers - pain.001-swiss-six-credit-transfers **Remark:** For all SEPA Credit Transfer based endpoints which accept XML encoding, the XML pain.001 schemes provided by EPC are supported by the ASPSP as a minimum for the body content. Further XML schemes might be supported by some communities. **Remark:** For cross-border and TARGET-2 payments only community wide pain.001 schemes do exist. There are plenty of country specificic scheme variants., paymentId: str # Resource identification of the generated payment initiation resource., authorisationId: str # Resource identification of the related SCA.}\n@returns(200) {scaStatus: str, psuMessage: str, trustedBeneficiaryFlag: bool} # OK\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n\n@endpoint PUT /v1/{payment-service}/{payment-product}/{paymentId}/cancellation-authorisations/{authorisationId}\n@desc Update PSU data for payment initiation cancellation\n@required {payment-service: str(payments/bulk-payments/periodic-payments) # Payment service: Possible values are: * payments * bulk-payments * periodic-payments, payment-product: str(domestic-swiss-credit-transfers-isr/domestic-swiss-credit-transfers/domestic-swiss-credit-transfers-qr/domestic-swiss-foreign-credit-transfers/swiss-sepa-credit-transfers/swiss-cross-border-credit-transfers/pain.001-sepa-credit-transfers/pain.001-cross-border-credit-transfers/pain.001-swiss-six-credit-transfers) # The addressed payment product endpoint, e.g. for SEPA Credit Transfers (SCT). The ASPSP will publish which of the payment products/endpoints will be supported. The following payment products are supported: - domestic-swiss-credit-transfers-isr - domestic-swiss-credit-transfers - domestic-swiss-credit-transfers-qr - domestic-swiss-foreign-credit-transfers - swiss-sepa-credit-transfers - swiss-cross-border-credit-transfers - pain.001-sepa-credit-transfers - pain.001-cross-border-credit-transfers - pain.001-swiss-six-credit-transfers **Remark:** For all SEPA Credit Transfer based endpoints which accept XML encoding, the XML pain.001 schemes provided by EPC are supported by the ASPSP as a minimum for the body content. Further XML schemes might be supported by some communities. **Remark:** For cross-border and TARGET-2 payments only community wide pain.001 schemes do exist. There are plenty of country specificic scheme variants., paymentId: str # Resource identification of the generated payment initiation resource., authorisationId: str # Resource identification of the related SCA.}\n@optional {PSU-ID: str # Client ID of the PSU in the ASPSP client interface. Might be mandated in the ASPSP's documentation. It might be contained even if an OAuth2 based authentication was performed in a pre-step or an OAuth2 based SCA was performed in an preceding AIS service in the same session. In this case the ASPSP might check whether PSU-ID and token match, according to ASPSP documentation., PSU-ID-Type: str # Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. In this case, the mean and use are then defined in the ASPSP's documentation., PSU-Corporate-ID: str # Might be mandated in the ASPSP's documentation. Only used in a corporate context., PSU-Corporate-ID-Type: str # Might be mandated in the ASPSP's documentation. Only used in a corporate context.}\n@returns(200) OK\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n@example_request {}\n\n@endgroup\n\n@group accounts\n@endpoint GET /v1/accounts\n@desc Read account list\n@required {Consent-ID: str # This then contains the consentId of the related AIS consent, which was performed prior to this payment initiation.}\n@optional {withBalance: bool # If contained, this function reads the list of accessible payment accounts including the booking balance, if granted by the PSU in the related consent and available by the ASPSP. This parameter might be ignored by the ASPSP.}\n@returns(200) {accounts: [map]} # OK\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n\n@endpoint GET /v1/accounts/{account-id}\n@desc Read account details\n@required {account-id: str # This identification is denoting the addressed (card) account. The account-id is retrieved by using a \"Read Account List\" or \"Read Card Account list\" call. The account-id is the \"resourceId\" attribute of the account structure. Its value is constant at least throughout the lifecycle of a given consent., Consent-ID: str # This then contains the consentId of the related AIS consent, which was performed prior to this payment initiation.}\n@optional {withBalance: bool # If contained, this function reads the list of accessible payment accounts including the booking balance, if granted by the PSU in the related consent and available by the ASPSP. This parameter might be ignored by the ASPSP.}\n@returns(200) {account: map{resourceId: str, iban: str, bban: str, msisdn: str, currency: str, name: str, displayName: str, product: str, cashAccountType: str, status: str, bic: str, linkedAccounts: str, usage: str, details: str, balances: [map], _links: map{balances: map{href: str}, transactions: map{href: str}}, ownerName: str}} # OK\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n\n@endpoint GET /v1/accounts/{account-id}/balances\n@desc Read balance\n@required {account-id: str # This identification is denoting the addressed (card) account. The account-id is retrieved by using a \"Read Account List\" or \"Read Card Account list\" call. The account-id is the \"resourceId\" attribute of the account structure. Its value is constant at least throughout the lifecycle of a given consent., Consent-ID: str # This then contains the consentId of the related AIS consent, which was performed prior to this payment initiation.}\n@returns(200) {account: map{iban: str, otherAccountIdentification: str, currency: str, cashAccountType: str}, balances: [map]} # OK\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n\n@endpoint GET /v1/accounts/{account-id}/transactions\n@desc Read transaction list of an account\n@required {account-id: str # This identification is denoting the addressed (card) account. The account-id is retrieved by using a \"Read Account List\" or \"Read Card Account list\" call. The account-id is the \"resourceId\" attribute of the account structure. Its value is constant at least throughout the lifecycle of a given consent., bookingStatus: str(information/booked/pending/both) # Permitted codes are * \"information\", * \"booked\", * \"pending\", and * \"both\" \"booked\" shall be supported by the ASPSP. To support the \"pending\" and \"both\" feature is optional for the ASPSP, Error code if not supported in the online banking frontend, Consent-ID: str # This then contains the consentId of the related AIS consent, which was performed prior to this payment initiation.}\n@optional {dateFrom: str(date) # Conditional: Starting date (inclusive the date dateFrom) of the transaction list, mandated if no delta access is required and if bookingStatus does not equal \"information\". For booked transactions, the relevant date is the booking date. For pending transactions, the relevant date is the entry date, which may not be transparent neither in this API nor other channels of the ASPSP., dateTo: str(date) # End date (inclusive the data dateTo) of the transaction list, default is \"now\" if not given. Might be ignored if a delta function is used. For booked transactions, the relevant date is the booking date. For pending transactions, the relevant date is the entry date, which may not be transparent neither in this API nor other channels of the ASPSP., entryReferenceFrom: str # This data attribute is indicating that the AISP is in favour to get all transactions after the transaction with identification entryReferenceFrom alternatively to the above defined period. This is a implementation of a delta access. If this data element is contained, the entries \"dateFrom\" and \"dateTo\" might be ignored by the ASPSP if a delta report is supported. Optional if supported by API provider., deltaList: bool # This data attribute is indicating that the AISP is in favour to get all transactions after the last report access for this PSU on the addressed account. This is another implementation of a delta access-report. This delta indicator might be rejected by the ASPSP if this function is not supported. Optional if supported by API provider, withBalance: bool # If contained, this function reads the list of accessible payment accounts including the booking balance, if granted by the PSU in the related consent and available by the ASPSP. This parameter might be ignored by the ASPSP.}\n@returns(200) {account: map{iban: str, otherAccountIdentification: str, currency: str, cashAccountType: str}, transactions: map{booked: [map], pending: [map], information: [map], _links: map{account: map{href: str}, first: map{href: str}, next: map{href: str}, previous: map{href: str}, last: map{href: str}}}, balances: [map], _links: map{download: map{href: str}}} # OK\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n\n@endpoint GET /v1/accounts/{account-id}/transactions/{transactionId}\n@desc Read transaction details\n@required {account-id: str # This identification is denoting the addressed (card) account. The account-id is retrieved by using a \"Read Account List\" or \"Read Card Account list\" call. The account-id is the \"resourceId\" attribute of the account structure. Its value is constant at least throughout the lifecycle of a given consent., transactionId: str # This identification is given by the attribute transactionId of the corresponding entry of a transaction list., Consent-ID: str # This then contains the consentId of the related AIS consent, which was performed prior to this payment initiation.}\n@returns(200) {transactionsDetails: map{transactionDetails: map{transactionId: str, entryReference: str, endToEndId: str, batchIndicator: bool, batchNumberOfTransactions: int, mandateId: str, checkId: str, creditorId: str, bookingDate: str(date), valueDate: str(date), transactionAmount: map{currency: str, amount: str}, currencyExchange: [map], creditorName: str, creditorAccount: map{iban: str, otherAccountIdentification: str, currency: str, cashAccountType: str}, creditorAgent: str, ultimateCreditor: str, debtorName: str, debtorAccount: map{iban: str, otherAccountIdentification: str, currency: str, cashAccountType: str}, debtorAgent: str, ultimateDebtor: str, remittanceInformationUnstructured: str, remittanceInformationUnstructuredArray: [str], remittanceInformationStructured: str, remittanceInformationStructuredArray: [map], entryDetails: [map], additionalInformation: str, additionalInformationStructured: map{standingOrderDetails: map}, purposeCode: str, bankTransactionCode: str, proprietaryBankTransactionCode: str, balanceAfterTransaction: map{balanceAmount: map, balanceType: str, creditLimitIncluded: bool, lastChangeDateTime: str(date-time), referenceDate: str(date), lastCommittedTransaction: str}, _links: map{transactionDetails: map}}}} # OK\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n\n@endgroup\n\n@group consents\n@endpoint POST /v1/consents\n@desc Create consent\n@required {access: map{accounts: [map], balances: [map], transactions: [map], additionalInformation: map, availableAccounts: str, availableAccountsWithBalance: str, allPsd2: str, restrictedTo: [str]} # Requested access services for a consent., recurringIndicator: bool # \"true\", if the consent is for recurring access to the account data. \"false\", if the consent is for one access to the account data., validUntil: str(date) # This parameter is defining a valid until date (including the mentioned date) for the requested consent. The content is the local ASPSP date in ISO-Date format, e.g. 2017-10-30. Future dates might get adjusted by ASPSP. If a maximal available date is requested, a date in far future is to be used: \"9999-12-31\". In both cases the consent object to be retrieved by the get consent request will contain the adjusted date., frequencyPerDay: int # This field indicates the requested maximum frequency for an access without PSU involvement per day. For a one-off access, this attribute is set to \"1\". The frequency needs to be greater equal to one. If not otherwise agreed bilaterally between TPP and ASPSP, the frequency is less equal to 4., combinedServiceIndicator: bool # If \"true\" indicates that a payment initiation service will be addressed in the same \"session\".}\n@optional {PSU-ID: str # Client ID of the PSU in the ASPSP client interface. Might be mandated in the ASPSP's documentation. It might be contained even if an OAuth2 based authentication was performed in a pre-step or an OAuth2 based SCA was performed in an preceding AIS service in the same session. In this case the ASPSP might check whether PSU-ID and token match, according to ASPSP documentation., PSU-ID-Type: str # Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. In this case, the mean and use are then defined in the ASPSP's documentation., PSU-Corporate-ID: str # Might be mandated in the ASPSP's documentation. Only used in a corporate context., PSU-Corporate-ID-Type: str # Might be mandated in the ASPSP's documentation. Only used in a corporate context., TPP-Redirect-Preferred: bool # If it equals \"true\", the TPP prefers a redirect over an embedded SCA approach. If it equals \"false\", the TPP prefers not to be redirected for SCA. The ASPSP will then choose between the Embedded or the Decoupled SCA approach, depending on the choice of the SCA procedure by the TPP/PSU. If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the SCA method chosen by the TPP/PSU., TPP-Redirect-URI: str(uri) # URI of the TPP, where the transaction flow shall be redirected to after a Redirect. Mandated for the Redirect SCA Approach, specifically when TPP-Redirect-Preferred equals \"true\". It is recommended to always use this header field. **Remark for Future:** This field might be changed to mandatory in the next version of the specification., TPP-Nok-Redirect-URI: str(uri) # If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method. This might be ignored by the ASPSP., TPP-Explicit-Authorisation-Preferred: bool # If it equals \"true\", the TPP prefers to start the authorisation process separately, e.g. because of the usage of a signing basket. This preference might be ignored by the ASPSP, if a signing basket is not supported as functionality. If it equals \"false\" or if the parameter is not used, there is no preference of the TPP. This especially indicates that the TPP assumes a direct authorisation of the transaction in the next step, without using a signing basket., TPP-Brand-Logging-Information: str # This header might be used by TPPs to inform the ASPSP about the brand used by the TPP towards the PSU. This information is meant for logging entries to enhance communication between ASPSP and PSU or ASPSP and TPP. This header might be ignored by the ASPSP., TPP-Notification-URI: str # URI for the Endpoint of the TPP-API to which the status of the payment initiation should be sent. This header field may by ignored by the ASPSP. For security reasons, it shall be ensured that the TPP-Notification-URI as introduced above is secured by the TPP eIDAS QWAC used for identification of the TPP. The following applies: URIs which are provided by TPPs in TPP-Notification-URI shall comply with the domain secured by the eIDAS QWAC certificate of the TPP in the field CN or SubjectAltName of the certificate. Please note that in case of example-TPP.com as certificate entry TPP- Notification-URI like www.example-TPP.com/xs2a-client/v1/ASPSPidentifcation/mytransaction- id/notifications or notifications.example-TPP.com/xs2a-client/v1/ASPSPidentifcation/mytransaction- id/notifications would be compliant. Wildcard definitions shall be taken into account for compliance checks by the ASPSP. ASPSPs may respond with ASPSP-Notification-Support set to false, if the provided URIs do not comply., TPP-Notification-Content-Preferred: str # The string has the form status=X1, ..., Xn where Xi is one of the constants SCA, PROCESS, LAST and where constants are not repeated. The usage of the constants supports the of following semantics: SCA: A notification on every change of the scaStatus attribute for all related authorisation processes is preferred by the TPP. PROCESS: A notification on all changes of consentStatus or transactionStatus attributes is preferred by the TPP. LAST: Only a notification on the last consentStatus or transactionStatus as available in the XS2A interface is preferred by the TPP. This header field may be ignored, if the ASPSP does not support resource notification services for the related TPP.}\n@returns(201) {consentStatus: str, consentId: str, scaMethods: [map], chosenScaMethod: map{authenticationType: str, authenticationVersion: str, authenticationMethodId: str, name: str, explanation: str}, challengeData: map{image: str(byte), data: [str], imageLink: str, otpMaxLength: int, otpFormat: str, additionalInformation: str}, _links: map{scaRedirect: map{href: str}, scaOAuth: map{href: str}, confirmation: map{href: str}, startAuthorisation: map{href: str}, startAuthorisationWithPsuIdentification: map{href: str}, startAuthorisationWithPsuAuthentication: map{href: str}, startAuthorisationWithEncryptedPsuAuthentication: map{href: str}, startAuthorisationWithAuthenticationMethodSelection: map{href: str}, startAuthorisationWithTransactionAuthorisation: map{href: str}, self: map{href: str}, status: map{href: str}, scaStatus: map{href: str}}, psuMessage: str} # Created\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n@example_request {\"access\":{\"balances\":[{\"iban\":\"DE40100100103307118608\"},{\"iban\":\"DE02100100109307118603\",\"currency\":\"USD\"},{\"iban\":\"DE67100100101306118605\"}],\"transactions\":[{\"iban\":\"DE40100100103307118608\"},{\"maskedPan\":\"123456xxxxxx1234\"}]},\"recurringIndicator\":\"true\",\"validUntil\":\"2017-11-01\",\"frequencyPerDay\":4}\n\n@endpoint GET /v1/consents/{consentId}\n@desc Get consent request\n@required {consentId: str # ID of the corresponding consent object as returned by an account information consent request.}\n@returns(200) {access: map{accounts: [map], balances: [map], transactions: [map], additionalInformation: map{ownerName: [map], trustedBeneficiaries: [map]}, availableAccounts: str, availableAccountsWithBalance: str, allPsd2: str, restrictedTo: [str]}, recurringIndicator: bool, validUntil: str(date), frequencyPerDay: int, lastActionDate: str(date), consentStatus: str, _links: map{account: map{href: str}, card-account: map{href: str}}} # OK\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n\n@endpoint DELETE /v1/consents/{consentId}\n@desc Delete Consent\n@required {consentId: str # ID of the corresponding consent object as returned by an account information consent request.}\n@returns(204) No Content\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n\n@endpoint GET /v1/consents/{consentId}/status\n@desc Consent status request\n@required {consentId: str # ID of the corresponding consent object as returned by an account information consent request.}\n@returns(200) {consentStatus: str, psuMessage: str} # OK\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n\n@endpoint POST /v1/consents/{consentId}/authorisations\n@desc Start the authorisation process for a consent\n@required {consentId: str # ID of the corresponding consent object as returned by an account information consent request.}\n@optional {PSU-ID: str # Client ID of the PSU in the ASPSP client interface. Might be mandated in the ASPSP's documentation. It might be contained even if an OAuth2 based authentication was performed in a pre-step or an OAuth2 based SCA was performed in an preceding AIS service in the same session. In this case the ASPSP might check whether PSU-ID and token match, according to ASPSP documentation., PSU-ID-Type: str # Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. In this case, the mean and use are then defined in the ASPSP's documentation., PSU-Corporate-ID: str # Might be mandated in the ASPSP's documentation. Only used in a corporate context., PSU-Corporate-ID-Type: str # Might be mandated in the ASPSP's documentation. Only used in a corporate context., TPP-Redirect-Preferred: bool # If it equals \"true\", the TPP prefers a redirect over an embedded SCA approach. If it equals \"false\", the TPP prefers not to be redirected for SCA. The ASPSP will then choose between the Embedded or the Decoupled SCA approach, depending on the choice of the SCA procedure by the TPP/PSU. If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the SCA method chosen by the TPP/PSU., TPP-Redirect-URI: str(uri) # URI of the TPP, where the transaction flow shall be redirected to after a Redirect. Mandated for the Redirect SCA Approach, specifically when TPP-Redirect-Preferred equals \"true\". It is recommended to always use this header field. **Remark for Future:** This field might be changed to mandatory in the next version of the specification., TPP-Nok-Redirect-URI: str(uri) # If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method. This might be ignored by the ASPSP., TPP-Notification-URI: str # URI for the Endpoint of the TPP-API to which the status of the payment initiation should be sent. This header field may by ignored by the ASPSP. For security reasons, it shall be ensured that the TPP-Notification-URI as introduced above is secured by the TPP eIDAS QWAC used for identification of the TPP. The following applies: URIs which are provided by TPPs in TPP-Notification-URI shall comply with the domain secured by the eIDAS QWAC certificate of the TPP in the field CN or SubjectAltName of the certificate. Please note that in case of example-TPP.com as certificate entry TPP- Notification-URI like www.example-TPP.com/xs2a-client/v1/ASPSPidentifcation/mytransaction- id/notifications or notifications.example-TPP.com/xs2a-client/v1/ASPSPidentifcation/mytransaction- id/notifications would be compliant. Wildcard definitions shall be taken into account for compliance checks by the ASPSP. ASPSPs may respond with ASPSP-Notification-Support set to false, if the provided URIs do not comply., TPP-Notification-Content-Preferred: str # The string has the form status=X1, ..., Xn where Xi is one of the constants SCA, PROCESS, LAST and where constants are not repeated. The usage of the constants supports the of following semantics: SCA: A notification on every change of the scaStatus attribute for all related authorisation processes is preferred by the TPP. PROCESS: A notification on all changes of consentStatus or transactionStatus attributes is preferred by the TPP. LAST: Only a notification on the last consentStatus or transactionStatus as available in the XS2A interface is preferred by the TPP. This header field may be ignored, if the ASPSP does not support resource notification services for the related TPP.}\n@returns(201) {scaStatus: str, authorisationId: str, scaMethods: [map], chosenScaMethod: map{authenticationType: str, authenticationVersion: str, authenticationMethodId: str, name: str, explanation: str}, challengeData: map{image: str(byte), data: [str], imageLink: str, otpMaxLength: int, otpFormat: str, additionalInformation: str}, _links: map{scaRedirect: map{href: str}, scaOAuth: map{href: str}, confirmation: map{href: str}, updatePsuIdentification: map{href: str}, startAuthorisationWithPsuAuthentication: map{href: str}, startAuthorisationWithEncryptedPsuAuthentication: map{href: str}, selectAuthenticationMethod: map{href: str}, authoriseTransaction: map{href: str}, scaStatus: map{href: str}}, psuMessage: str} # Created\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n\n@endpoint GET /v1/consents/{consentId}/authorisations\n@desc Get consent authorisation sub-resources request\n@required {consentId: str # ID of the corresponding consent object as returned by an account information consent request.}\n@returns(200) {authorisationIds: [str]} # OK\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n\n@endpoint GET /v1/consents/{consentId}/authorisations/{authorisationId}\n@desc Read the SCA status of the consent authorisation\n@required {consentId: str # ID of the corresponding consent object as returned by an account information consent request., authorisationId: str # Resource identification of the related SCA.}\n@returns(200) {scaStatus: str, psuMessage: str, trustedBeneficiaryFlag: bool} # OK\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n\n@endpoint PUT /v1/consents/{consentId}/authorisations/{authorisationId}\n@desc Update PSU Data for consents\n@required {consentId: str # ID of the corresponding consent object as returned by an account information consent request., authorisationId: str # Resource identification of the related SCA.}\n@optional {PSU-ID: str # Client ID of the PSU in the ASPSP client interface. Might be mandated in the ASPSP's documentation. It might be contained even if an OAuth2 based authentication was performed in a pre-step or an OAuth2 based SCA was performed in an preceding AIS service in the same session. In this case the ASPSP might check whether PSU-ID and token match, according to ASPSP documentation., PSU-ID-Type: str # Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. In this case, the mean and use are then defined in the ASPSP's documentation., PSU-Corporate-ID: str # Might be mandated in the ASPSP's documentation. Only used in a corporate context., PSU-Corporate-ID-Type: str # Might be mandated in the ASPSP's documentation. Only used in a corporate context.}\n@returns(200) OK\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n@example_request {}\n\n@endgroup\n\n@group funds-confirmations\n@endpoint POST /v1/funds-confirmations\n@desc Confirmation of funds request\n@required {account: map{iban: str, otherAccountIdentification: str, currency: str, cashAccountType: str} # Reference to an account by either * IBAN, of a payment accounts, or * otherAccountIdentification, for payment accounts if there is no IBAN adapted from ISO pain.001.001.03.ch.02 CashAccount16-CH_IdTpCcy, instructedAmount: map{currency!: str, amount!: str}}\n@optional {Authorization: str # This field might be used in case where a consent was agreed between ASPSP and PSU through an OAuth2 based protocol, facilitated by the TPP., cardNumber: str # Card Number of the card issued by the PIISP. Should be delivered if available., payee: str # Name payee.}\n@returns(200) {fundsAvailable: bool} # OK\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n@example_request {\"cardNumber\":\"12345678901234\",\"account\":{\"iban\":\"DE23100120020123456789\"},\"instructedAmount\":{\"currency\":\"EUR\",\"amount\":\"123\"}}\n\n@endgroup\n\n@group signing-baskets\n@endpoint POST /v1/signing-baskets\n@desc Create a signing basket resource\n@optional {PSU-ID: str # Client ID of the PSU in the ASPSP client interface. Might be mandated in the ASPSP's documentation. It might be contained even if an OAuth2 based authentication was performed in a pre-step or an OAuth2 based SCA was performed in an preceding AIS service in the same session. In this case the ASPSP might check whether PSU-ID and token match, according to ASPSP documentation., PSU-ID-Type: str # Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. In this case, the mean and use are then defined in the ASPSP's documentation., PSU-Corporate-ID: str # Might be mandated in the ASPSP's documentation. Only used in a corporate context., PSU-Corporate-ID-Type: str # Might be mandated in the ASPSP's documentation. Only used in a corporate context., Consent-ID: str # This data element may be contained, if the payment initiation transaction is part of a session, i.e. combined AIS/PIS service. This then contains the consentId of the related AIS consent, which was performed prior to this payment initiation., TPP-Redirect-Preferred: bool # If it equals \"true\", the TPP prefers a redirect over an embedded SCA approach. If it equals \"false\", the TPP prefers not to be redirected for SCA. The ASPSP will then choose between the Embedded or the Decoupled SCA approach, depending on the choice of the SCA procedure by the TPP/PSU. If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the SCA method chosen by the TPP/PSU., TPP-Redirect-URI: str(uri) # URI of the TPP, where the transaction flow shall be redirected to after a Redirect. Mandated for the Redirect SCA Approach, specifically when TPP-Redirect-Preferred equals \"true\". It is recommended to always use this header field. **Remark for Future:** This field might be changed to mandatory in the next version of the specification., TPP-Nok-Redirect-URI: str(uri) # If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method. This might be ignored by the ASPSP., TPP-Explicit-Authorisation-Preferred: bool # If it equals \"true\", the TPP prefers to start the authorisation process separately, e.g. because of the usage of a signing basket. This preference might be ignored by the ASPSP, if a signing basket is not supported as functionality. If it equals \"false\" or if the parameter is not used, there is no preference of the TPP. This especially indicates that the TPP assumes a direct authorisation of the transaction in the next step, without using a signing basket., TPP-Notification-URI: str # URI for the Endpoint of the TPP-API to which the status of the payment initiation should be sent. This header field may by ignored by the ASPSP. For security reasons, it shall be ensured that the TPP-Notification-URI as introduced above is secured by the TPP eIDAS QWAC used for identification of the TPP. The following applies: URIs which are provided by TPPs in TPP-Notification-URI shall comply with the domain secured by the eIDAS QWAC certificate of the TPP in the field CN or SubjectAltName of the certificate. Please note that in case of example-TPP.com as certificate entry TPP- Notification-URI like www.example-TPP.com/xs2a-client/v1/ASPSPidentifcation/mytransaction- id/notifications or notifications.example-TPP.com/xs2a-client/v1/ASPSPidentifcation/mytransaction- id/notifications would be compliant. Wildcard definitions shall be taken into account for compliance checks by the ASPSP. ASPSPs may respond with ASPSP-Notification-Support set to false, if the provided URIs do not comply., TPP-Notification-Content-Preferred: str # The string has the form status=X1, ..., Xn where Xi is one of the constants SCA, PROCESS, LAST and where constants are not repeated. The usage of the constants supports the of following semantics: SCA: A notification on every change of the scaStatus attribute for all related authorisation processes is preferred by the TPP. PROCESS: A notification on all changes of consentStatus or transactionStatus attributes is preferred by the TPP. LAST: Only a notification on the last consentStatus or transactionStatus as available in the XS2A interface is preferred by the TPP. This header field may be ignored, if the ASPSP does not support resource notification services for the related TPP., paymentIds: [str] # A list of paymentIds., consentIds: [str] # A list of consentIds.}\n@returns(201) {transactionStatus: str, basketId: str, scaMethods: [map], chosenScaMethod: map{authenticationType: str, authenticationVersion: str, authenticationMethodId: str, name: str, explanation: str}, challengeData: map{image: str(byte), data: [str], imageLink: str, otpMaxLength: int, otpFormat: str, additionalInformation: str}, _links: map{scaRedirect: map{href: str}, scaOAuth: map{href: str}, startAuthorisation: map{href: str}, startAuthorisationWithPsuIdentification: map{href: str}, startAuthorisationWithPsuAuthentication: map{href: str}, startAuthorisationWithEncryptedPsuAuthentication: map{href: str}, startAuthorisationWithAuthenticationMethodSelection: map{href: str}, startAuthorisationWithTransactionAuthorisation: map{href: str}, self: map{href: str}, status: map{href: str}, scaStatus: map{href: str}}, psuMessage: str, tppMessages: [map]} # Created\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n@example_request {\"paymentIds\":[\"123qwert456789\",\"12345qwert7899\"]}\n\n@endpoint GET /v1/signing-baskets/{basketId}\n@desc Returns the content of an signing basket object\n@required {basketId: str # This identification of the corresponding signing basket object.}\n@returns(200) {payments: [str], consents: [str], transactionStatus: str, _links: map{scaRedirect: map{href: str}, scaOAuth: map{href: str}, startAuthorisation: map{href: str}, startAuthorisationWithPsuIdentification: map{href: str}, startAuthorisationWithPsuAuthentication: map{href: str}, startAuthorisationWithEncryptedPsuAuthentication: map{href: str}, startAuthorisationWithAuthenticationMethodSelection: map{href: str}, startAuthorisationWithTransactionAuthorisation: map{href: str}, self: map{href: str}, status: map{href: str}, scaStatus: map{href: str}}} # OK\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n\n@endpoint DELETE /v1/signing-baskets/{basketId}\n@desc Delete the signing basket\n@required {basketId: str # This identification of the corresponding signing basket object.}\n@returns(204) No Content\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n\n@endpoint GET /v1/signing-baskets/{basketId}/status\n@desc Read the status of the signing basket\n@required {basketId: str # This identification of the corresponding signing basket object.}\n@optional {PSU-ID: str # Client ID of the PSU in the ASPSP client interface. Might be mandated in the ASPSP's documentation. It might be contained even if an OAuth2 based authentication was performed in a pre-step or an OAuth2 based SCA was performed in an preceding AIS service in the same session. In this case the ASPSP might check whether PSU-ID and token match, according to ASPSP documentation., PSU-ID-Type: str # Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. In this case, the mean and use are then defined in the ASPSP's documentation., PSU-Corporate-ID: str # Might be mandated in the ASPSP's documentation. Only used in a corporate context., PSU-Corporate-ID-Type: str # Might be mandated in the ASPSP's documentation. Only used in a corporate context.}\n@returns(200) {transactionStatus: str} # OK\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n\n@endpoint POST /v1/signing-baskets/{basketId}/authorisations\n@desc Start the authorisation process for a signing basket\n@required {basketId: str # This identification of the corresponding signing basket object.}\n@optional {PSU-ID: str # Client ID of the PSU in the ASPSP client interface. Might be mandated in the ASPSP's documentation. It might be contained even if an OAuth2 based authentication was performed in a pre-step or an OAuth2 based SCA was performed in an preceding AIS service in the same session. In this case the ASPSP might check whether PSU-ID and token match, according to ASPSP documentation., PSU-ID-Type: str # Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. In this case, the mean and use are then defined in the ASPSP's documentation., PSU-Corporate-ID: str # Might be mandated in the ASPSP's documentation. Only used in a corporate context., PSU-Corporate-ID-Type: str # Might be mandated in the ASPSP's documentation. Only used in a corporate context., TPP-Redirect-Preferred: bool # If it equals \"true\", the TPP prefers a redirect over an embedded SCA approach. If it equals \"false\", the TPP prefers not to be redirected for SCA. The ASPSP will then choose between the Embedded or the Decoupled SCA approach, depending on the choice of the SCA procedure by the TPP/PSU. If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the SCA method chosen by the TPP/PSU., TPP-Redirect-URI: str(uri) # URI of the TPP, where the transaction flow shall be redirected to after a Redirect. Mandated for the Redirect SCA Approach, specifically when TPP-Redirect-Preferred equals \"true\". It is recommended to always use this header field. **Remark for Future:** This field might be changed to mandatory in the next version of the specification., TPP-Nok-Redirect-URI: str(uri) # If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method. This might be ignored by the ASPSP., TPP-Notification-URI: str # URI for the Endpoint of the TPP-API to which the status of the payment initiation should be sent. This header field may by ignored by the ASPSP. For security reasons, it shall be ensured that the TPP-Notification-URI as introduced above is secured by the TPP eIDAS QWAC used for identification of the TPP. The following applies: URIs which are provided by TPPs in TPP-Notification-URI shall comply with the domain secured by the eIDAS QWAC certificate of the TPP in the field CN or SubjectAltName of the certificate. Please note that in case of example-TPP.com as certificate entry TPP- Notification-URI like www.example-TPP.com/xs2a-client/v1/ASPSPidentifcation/mytransaction- id/notifications or notifications.example-TPP.com/xs2a-client/v1/ASPSPidentifcation/mytransaction- id/notifications would be compliant. Wildcard definitions shall be taken into account for compliance checks by the ASPSP. ASPSPs may respond with ASPSP-Notification-Support set to false, if the provided URIs do not comply., TPP-Notification-Content-Preferred: str # The string has the form status=X1, ..., Xn where Xi is one of the constants SCA, PROCESS, LAST and where constants are not repeated. The usage of the constants supports the of following semantics: SCA: A notification on every change of the scaStatus attribute for all related authorisation processes is preferred by the TPP. PROCESS: A notification on all changes of consentStatus or transactionStatus attributes is preferred by the TPP. LAST: Only a notification on the last consentStatus or transactionStatus as available in the XS2A interface is preferred by the TPP. This header field may be ignored, if the ASPSP does not support resource notification services for the related TPP.}\n@returns(201) {scaStatus: str, authorisationId: str, scaMethods: [map], chosenScaMethod: map{authenticationType: str, authenticationVersion: str, authenticationMethodId: str, name: str, explanation: str}, challengeData: map{image: str(byte), data: [str], imageLink: str, otpMaxLength: int, otpFormat: str, additionalInformation: str}, _links: map{scaRedirect: map{href: str}, scaOAuth: map{href: str}, confirmation: map{href: str}, updatePsuIdentification: map{href: str}, startAuthorisationWithPsuAuthentication: map{href: str}, startAuthorisationWithEncryptedPsuAuthentication: map{href: str}, selectAuthenticationMethod: map{href: str}, authoriseTransaction: map{href: str}, scaStatus: map{href: str}}, psuMessage: str} # Created\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n\n@endpoint GET /v1/signing-baskets/{basketId}/authorisations\n@desc Get signing basket authorisation sub-resources request\n@required {basketId: str # This identification of the corresponding signing basket object.}\n@returns(200) {authorisationIds: [str]} # OK\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n\n@endpoint PUT /v1/signing-baskets/{basketId}/authorisations/{authorisationId}\n@desc Update PSU data for signing basket\n@required {basketId: str # This identification of the corresponding signing basket object., authorisationId: str # Resource identification of the related SCA.}\n@optional {PSU-ID: str # Client ID of the PSU in the ASPSP client interface. Might be mandated in the ASPSP's documentation. It might be contained even if an OAuth2 based authentication was performed in a pre-step or an OAuth2 based SCA was performed in an preceding AIS service in the same session. In this case the ASPSP might check whether PSU-ID and token match, according to ASPSP documentation., PSU-ID-Type: str # Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. In this case, the mean and use are then defined in the ASPSP's documentation., PSU-Corporate-ID: str # Might be mandated in the ASPSP's documentation. Only used in a corporate context., PSU-Corporate-ID-Type: str # Might be mandated in the ASPSP's documentation. Only used in a corporate context.}\n@returns(200) OK\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n@example_request {}\n\n@endpoint GET /v1/signing-baskets/{basketId}/authorisations/{authorisationId}\n@desc Read the SCA status of the signing basket authorisation\n@required {basketId: str # This identification of the corresponding signing basket object., authorisationId: str # Resource identification of the related SCA.}\n@returns(200) {scaStatus: str, psuMessage: str, trustedBeneficiaryFlag: bool} # OK\n@errors {400: Bad Request, 401: Unauthorized, 403: Forbidden, 404: Not found, 405: Method Not Allowed, 406: Not Acceptable, 408: Request Timeout, 409: Conflict, 415: Unsupported Media Type, 429: Too Many Requests, 500: Internal Server Error, 503: Service Unavailable}\n\n@endgroup\n\n@end\n"}}